Commit dc97aa89 authored by michael.simon's avatar michael.simon

Add "really read only" capability to 2fa

parent 6ae86ad6
package edu.kit.scc.webreg.service.twofa;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ejb.Stateless;
......@@ -59,39 +58,53 @@ public class TwoFaServiceImpl implements TwoFaService {
Map<String, String> configMap = configResolver.resolveConfig(identity);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpShowUserResponse response = linotpConnection.getTokenList();
LinotpTokenResultList resultList = new LinotpTokenResultList();
if (response.getResult() != null && response.getResult().getValue() != null &&
response.getResult().getValue().getData() !=null) {
resultList.addAll(response.getResult().getValue().getData());
}
if (configMap.containsKey("readOnly") && configMap.get("readOnly").equalsIgnoreCase("true")) {
if (configMap.containsKey("reallyReadOnly") && configMap.get("reallyReadOnly").equalsIgnoreCase("true")) {
LinotpTokenResultList resultList = new LinotpTokenResultList();
resultList.setReallyReadOnly(true);
resultList.setReadOnly(true);
if (configMap.containsKey("managementUrl")) {
resultList.setManagementUrl(configMap.get("managementUrl"));
}
return resultList;
}
else {
resultList.setReadOnly(false);
}
if (configMap.containsKey("managementUrl")) {
resultList.setManagementUrl(configMap.get("managementUrl"));
}
if (configMap.containsKey("adminRole")) {
resultList.setAdminRole(configMap.get("adminRole"));
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpShowUserResponse response = linotpConnection.getTokenList();
LinotpTokenResultList resultList = new LinotpTokenResultList();
if (response.getResult() != null && response.getResult().getValue() != null &&
response.getResult().getValue().getData() !=null) {
resultList.addAll(response.getResult().getValue().getData());
}
if (configMap.containsKey("readOnly") && configMap.get("readOnly").equalsIgnoreCase("true")) {
resultList.setReadOnly(true);
}
else {
resultList.setReadOnly(false);
}
if (configMap.containsKey("managementUrl")) {
resultList.setManagementUrl(configMap.get("managementUrl"));
}
if (configMap.containsKey("adminRole")) {
resultList.setAdminRole(configMap.get("adminRole"));
}
return resultList;
}
return resultList;
}
@Override
public Boolean hasActiveToken(IdentityEntity identity) throws TwoFaException {
identity = identityDao.merge(identity);
LinotpTokenResultList tokenList = findByIdentity(identity);
List<LinotpToken> tokenList = findByIdentity(identity);
if (tokenList.getReallyReadOnly()) {
return true;
}
for (LinotpToken token : tokenList) {
if (token.getIsactive()) {
......@@ -105,8 +118,12 @@ public class TwoFaServiceImpl implements TwoFaService {
@Override
public Boolean hasActiveTokenById(Long identityId) throws TwoFaException {
IdentityEntity identity = identityDao.findById(identityId);
List<LinotpToken> tokenList = findByIdentity(identity);
LinotpTokenResultList tokenList = findByIdentity(identity);
if (tokenList.getReallyReadOnly()) {
return true;
}
for (LinotpToken token : tokenList) {
if (token.getIsactive()) {
return true;
......
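Review bot: `hasActiveToken` and `hasActiveTokenById` now return `true` for every identity once `reallyReadOnly` is configured, although in that mode `findByIdentity` returns an empty list without contacting LinOTP, so the answer is not based on any token state. If a caller uses these methods to decide whether a second factor can be relied on, the check passes for users who may have no token at all; the callers are not visible here, so this needs confirming. At minimum the early return should carry a comment such as `// token state is unknown in reallyReadOnly mode; reported as active by policy`, and the interface Javadoc should say that `true` can mean "not checked". The flag test can also be written as `Boolean.parseBoolean(configMap.get("reallyReadOnly"))`, which tolerates a key mapped to null. The body of `hasActiveTokenById` continues outside the hunk.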
......@@ -78,14 +78,17 @@ public class LinotpConnection {
authCache = new BasicAuthCache();
authCache.put(targetHost, new BasicScheme());
credsProvider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(configMap.get("username"), configMap.get("password"));
credsProvider.setCredentials(AuthScope.ANY, credentials);
context = HttpClientContext.create();
context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);
if (configMap.containsKey("username")) {
credsProvider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(configMap.get("username"), configMap.get("password"));
credsProvider.setCredentials(AuthScope.ANY, credentials);
context.setCredentialsProvider(credsProvider);
context.setAuthCache(authCache);
}
config = RequestConfig.custom()
.setSocketTimeout(30000)
.setConnectTimeout(30000)
......
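Review bot: The credentials in the new `if (configMap.containsKey("username"))` block are still registered with `AuthScope.ANY`, so the HTTP client may offer the LinOTP admin username and password to any host that challenges it, for example after a redirect; binding them to the configured host with `credsProvider.setCredentials(new AuthScope(targetHost), credentials);` limits that. The block also passes `configMap.get("password")` unchecked, so a configuration with a username but no password builds credentials with a null password; requiring both keys (`configMap.containsKey("username") && configMap.containsKey("password")`) would catch this. When no username is configured the connection is now built without credentials and nothing is logged, which deserves a log line if unauthenticated admin sessions are not expected. The enclosing method starts and ends outside the hunk.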
......@@ -11,6 +11,7 @@ public class LinotpTokenResultList extends ArrayList<LinotpToken> implements Ser
private String statusMessage;
private boolean readOnly;
private boolean reallyReadOnly;
private String managementUrl;
......@@ -58,4 +59,12 @@ public class LinotpTokenResultList extends ArrayList<LinotpToken> implements Ser
public void setAdminRole(String adminRole) {
this.adminRole = adminRole;
}
public boolean getReallyReadOnly() {
return reallyReadOnly;
}
public void setReallyReadOnly(boolean reallyReadOnly) {
this.reallyReadOnly = reallyReadOnly;
}
}
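Review bot: The new `reallyReadOnly` field has no comment explaining how it differs from `readOnly`, and the difference matters to consumers: judging from `findByIdentity` in this commit, a list with the flag set is returned empty without querying LinOTP. A field comment such as `// true when tokens are managed externally and were not fetched; an empty list then does not mean the user has no tokens` would keep callers from reading emptiness as "no second factor". Because the class is `Serializable`, it is also worth confirming that a `serialVersionUID` is declared, which is not visible in this hunk.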
......@@ -112,6 +112,10 @@ public class TwoFaLoginBean implements Serializable {
return tokenList.getReadOnly();
}
public Boolean getReallyReadOnly() {
return tokenList.getReallyReadOnly();
}
public String getManagementUrl() {
return tokenList.getManagementUrl();
}
......
......@@ -275,6 +275,10 @@ public class TwoFaUserBean implements Serializable {
return tokenList.getReadOnly();
}
public Boolean getReallyReadOnly() {
return tokenList.getReallyReadOnly();
}
public String getManagementUrl() {
return tokenList.getManagementUrl();
}
......
......@@ -22,7 +22,12 @@
<h:form id="form" prependId="false">
<p:panel header="#{messages.twofa_login}">
<p:outputPanel rendered="#{twoFaLoginBean.readOnly}">
<p:outputPanel rendered="#{twoFaLoginBean.reallyReadOnly}">
<div><h:outputText value="#{messages.twofa_list_really_readonly}"/></div>
<div><a href="#{twoFaLoginBean.managementUrl}" target="_blank">#{twoFaLoginBean.managementUrl}</a></div>
</p:outputPanel>
<p:outputPanel rendered="#{twoFaLoginBean.readOnly and not twoFaLoginBean.reallyReadOnly}">
<div><h:outputText value="#{messages.twofa_list_readonly}"/></div>
<div><a href="#{twoFaLoginBean.managementUrl}" target="_blank">#{twoFaLoginBean.managementUrl}</a></div>
</p:outputPanel>
......@@ -41,7 +46,8 @@
update=":form" />
</p:panel>
<p:dataGrid var="token" value="#{twoFaLoginBean.tokenList}" columns="3" styleClass="whitefoot"
<p:dataGrid var="token" value="#{twoFaLoginBean.tokenList}" rendered="#{not twoFaLoginBean.reallyReadOnly}"
columns="3" styleClass="whitefoot"
layout="grid" style="margin-top: 16px; margin-bottom: 16px;">
<p:panel styleClass="grayback" style="margin-bottom: 0px;">
<f:facet name="header">
......
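Review bot: The added `<a href="#{twoFaLoginBean.managementUrl}" target="_blank">` opens the management site in a new tab without `rel="noopener noreferrer"`, so on browsers that do not imply it the opened page keeps a `window.opener` handle to this login page; the same applies to the link added for `twoFaUserBean` in the user token page. In the really-read-only branch `managementUrl` is only set when the key is configured, so the anchor should also be rendered conditionally, for example inside `<h:panelGroup rendered="#{not empty twoFaLoginBean.managementUrl}">`. The enclosing panel continues outside the hunk.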
......@@ -27,7 +27,12 @@
<h:form id="form">
<div><p:messages showDetail="true" /></div>
<p:panel header="#{messages.twofa_list}" rendered="#{twoFaUserBean.readOnly}">
<p:panel header="#{messages.twofa_list}" rendered="#{twoFaUserBean.reallyReadOnly}">
<div><h:outputText value="#{messages.twofa_list_really_readonly}"/></div>
<div><a href="#{twoFaUserBean.managementUrl}" target="_blank">#{twoFaUserBean.managementUrl}</a></div>
</p:panel>
<p:panel header="#{messages.twofa_list}" rendered="#{twoFaUserBean.readOnly and not twoFaUserBean.reallyReadOnly}">
<div><h:outputText value="#{messages.twofa_list_readonly}"/></div>
<div><a href="#{twoFaUserBean.managementUrl}" target="_blank">#{twoFaUserBean.managementUrl}</a></div>
......